Download
| Alert*
oval:org.secpod.oval:def:2000409
webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack. oval:org.secpod.oval:def:114895 The mr command can checkout, update, or perform other actions on a set of repositories as if they were one combined repository. It supports any combination of subversion, git, cvs, mecurial, bzr and darcs repositories, and support for other revision control systems can easily be added. |